System Extension Blocked - How to allow KEXT via PMM Policy?

Several of my packaged applications require users to allow extensions when they install them. I'd like to push some kind of profile to the Macs through PMM to automatically allow extensions for known extensions IDs.

Anyone figured out a way to do this to existing Macs via PMM?

Thanks in advance!

 

A device has to be enrolled in DEP/MDM for it to work through parallels pmm. You can use a mobileconfig file such as our example https://drive.google.com/file/d/1u-n7O96FBQn2HNkoeeVCKcsm5GEL_0QG/view?usp=sharing SCCM Console, Overview, Compliance Settings, Configuration Items, click Create Parallels Configuration Item and from dropdown select Mac OS X Configuration Profile from File. Browse to where you have the mobileconfig file, give it a name, and System Profile Radio buton and make sure to check the box for Install via MDM server. Without that checked only normal configuration profiles can be installed by not the newer special user ones like kext and tcc whitelist. Then deploy it as a baseline to whatever devices you need it.
If your device is not enrolled in dep/mdm then this kext whitelist can only be applied I believe during imaging (not sure if it can be applied if you just netboot/internet recovery as parallels says it should be before the format and partition disk part). We have a script run during out imaging that is like
#!/bin/sh
# Parallels Desktop
spctl kext-consent add 4C6364ACXT
# Kaspersky
spctl kext-consent add 2Y8XE5CQ94
# Asix
spctl kext-consent add RW72P2PQ8E
spctl kext-consent add 5RHFAZ9D4P
# HP
spctl kext-consent add 6HB5Y2QTA3
# Epson
spctl kext-consent add TXAEAV5RN4
# Cisco
spctl kext-consent add DE8Y96K9QP
# Matlab
spctl kext-consent add 94DN422U8R
# Virtualbox
spctl kext-consent add VB5E2TV963
# Tripplite
spctl kext-consent add Z5M5QP2W4Y
exit 0